With the recent spread of data communication networks, so-called home networks, in which home electric appliances, computers and other peripheral devices are connected through a network in the home so that the devices can communicate with one another, are becoming widespread. Communication between the network-connected devices offers the user convenience and comfort, for example by allowing the data processing functions of each device to be shared and contents to be transmitted and received between the devices. Home networks are therefore expected to become more and more popular in the future.
As a protocol suitable for constructing such a home network, UPnP (registered trademark) is known. UPnP allows a network to be constructed easily without any complicated operations, and permits a network-connected device to receive a service provided by each of the connected devices without any difficult operations or settings. Moreover, UPnP is advantageous in that it does not depend on the OS (operating system) of a device and therefore allows a device to be added easily.
In UPnP, the connected devices exchange a definition file conforming to XML (eXtensible Markup Language) so that the devices can recognize one another. The outline of UPnP processing is as follows.
(1) Addressing process for acquiring its own device ID such as an IP address.
(2) Discovery process for searching for each device on the network and receiving a response from each device, so as to acquire information contained in the response such as the device type or functions.
(3) Service request process for making a request for a service to each device based on information acquired by the discovery process.
By implementing the above-described processing procedure, a service can be provided and received using network-connected devices. A device to be newly connected to the network acquires a device ID by the above-described addressing process and acquires information of another device connected to the network by the discovery process. A request for a service can be made to another device based on the acquired information.
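The discovery and service request steps above can be followed on concrete data. This is an added example, not part of the original document: it assumes the standard UPnP mechanisms (an SSDP discovery response and the XML device description it points to), and the sample response, sample XML, address and function names are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

# Constructed sample: discovery (SSDP) response from a device on the network.
SSDP_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "LOCATION: http://192.168.0.10:8080/description.xml\r\n"
    "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
    "USN: uuid:00000000-0000-0000-0000-000000000001\r\n"
    "\r\n"
)

# Constructed sample: the XML definition file served at LOCATION.
DESCRIPTION_XML = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <deviceType>urn:schemas-upnp-org:device:MediaServer:1</deviceType>
    <serviceList>
      <service>
        <serviceType>urn:schemas-upnp-org:service:ContentDirectory:1</serviceType>
        <controlURL>/ctl/ContentDirectory</controlURL>
      </service>
    </serviceList>
  </device>
</root>"""
NS = {"d": "urn:schemas-upnp-org:device-1-0"}

def parse_ssdp_response(text):
    """Step (2): return the discovery response headers, names upper-cased."""
    lines = text.split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        raise ValueError("not a successful discovery response")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().upper()] = value.strip()
    return headers

def parse_description(xml_text, location):
    """Return (device type, {service type: absolute control URL})."""
    # Network-supplied XML is untrusted input; here the sample is embedded.
    device = ET.fromstring(xml_text).find("d:device", NS)
    services = {
        s.findtext("d:serviceType", namespaces=NS):
            urljoin(location, s.findtext("d:controlURL", namespaces=NS))
        for s in device.iterfind("d:serviceList/d:service", NS)
    }
    return device.findtext("d:deviceType", namespaces=NS), services
```

The control URL returned for each service is where a step (3) service request would be sent; note that nothing in this exchange identifies or authenticates the requesting device.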
On the other hand, countermeasures against unauthorized access must be considered in this kind of network. A device in the home network, for example a server, in many cases stores contents requiring copyright management, such as private contents or pay contents.
Such contents stored in a server in the home network can be accessed from other devices connected through the network. For example, the contents can be acquired by a device that has established a UPnP connection, which is the simple device connection configuration described above. In the case where the contents are video data or music data, a movie can be watched or music can be listened to if a TV or a player is connected as a network-connected device.
Access by a device connected by a user who owns the rights to use the contents may be allowed. In the network configuration described above, however, even a user who does not own the rights to use the contents can easily get into the network. For example, in the case of a network constructed by a wireless LAN, a communication device located outside the home, such as next door, may participate in the network without authorization and access a server in the home so as to exploit the contents. A configuration permitting such unauthorized access causes leakage of confidential information and also becomes a serious problem in view of managing the copyright of the contents.
In order to exclude unauthorized access as described above, a configuration has been proposed in which, for example, a server holds a list of clients whose access is allowed and, upon an access request from a client, collates the client with the list so as to exclude unauthorized access.
For example, MAC (Media Access Control) address filtering is known, in which MAC addresses, each being a physical address unique to a network-connected device, are set as a list of devices whose access is allowed. In MAC address filtering, the MAC addresses whose access is allowed are registered in advance on a router or a gateway that isolates an internal network (sub-net) such as a home network from an external network. The MAC address of a received packet is then collated with the registered MAC addresses, and access from a device having an unregistered MAC address is refused. This kind of technique is disclosed in, for example, Japanese Patent Application Publication No. 10-271154 (Patent Document 1).
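The collation step of MAC address filtering, shown as an added example that is not part of the original document. It assumes Ethernet II framing and a list entered by an operator in mixed notations; the class and function names and all addresses are constructed for illustration.

```python
import re

def normalize_mac(text):
    """Canonicalise a registered MAC (aa:bb:.., AA-BB-.., aabb.ccdd.eeff)."""
    digits = re.sub(r"[:\-.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return digits

class MacFilter:
    """Allow-list held by the router or gateway (hypothetical helper class)."""

    def __init__(self, registered):
        # Registration in advance: reject bad entries when the list is built.
        self.allowed = {normalize_mac(m) for m in registered}

    def permits(self, frame):
        """Collate the source MAC of a raw Ethernet frame with the list."""
        if len(frame) < 14:      # dst(6) + src(6) + EtherType(2)
            return False         # malformed frame: refuse
        return frame[6:12].hex() in self.allowed

def make_frame(dst, src, payload=b""):
    """Build a constructed Ethernet II frame (IPv4 EtherType) for the demo."""
    return (bytes.fromhex(normalize_mac(dst))
            + bytes.fromhex(normalize_mac(src))
            + b"\x08\x00" + payload)

# Constructed sample list, as an operator might type it in three notations.
REGISTERED = ["02:00:00:00:00:01", "02-00-00-00-00-0A", "0200.0000.00ff"]
GATEWAY = "02:00:00:00:00:fe"

def demo():
    flt = MacFilter(REGISTERED)
    return [
        flt.permits(make_frame(GATEWAY, "02:00:00:00:00:0a")),  # registered
        flt.permits(make_frame(GATEWAY, "02:00:00:00:00:77")),  # unregistered
        flt.permits(b"\x02\x00\x00"),                           # truncated
    ]

if __name__ == "__main__":
    print(demo())
```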
Generally, however, the registration of MAC addresses for restricting access requires that a user or an administrator find the MAC address of each device to be connected to the network and that an operator enter the MAC addresses thus found to create the list.
In the home network, new devices are added frequently. If the user has to find the MAC address of a device and carry out the registration process each time a device is added, as described above, the ease of network construction is impaired.
On the other hand, network configurations including not only PCs but also home electric appliances are being constructed even in ordinary households. Thus, a so-called ubiquitous environment, in which any device can access the network, is taking shape. Moreover, because of the spread of wireless LANs and the like, it has become easy for a communicable device to get into a wireless LAN from outside. In such a network environment, unauthorized access to network-connected devices is more likely to occur, and exploitation of confidential information, unauthorized reading of contents and the like by means of unauthorized access become more and more likely. Under these conditions, an appropriate access control configuration that can be realized easily, without imposing a burden on a general user, is desired.